1. DDNS (Dynamic Domain Name Server): introduction to the dynamic domain name service
1.1 Introduction:
DDNS is a resolution service that maps a user's dynamic IP address to a fixed domain name. Each time the user connects to the network, the client program passes the host's dynamic IP address to the server program on the service host. The server program is responsible for providing the DNS service and implementing dynamic domain name resolution.
1.2 Experimental Environment Description:
System: CentOS 6.5
DDNS: DHCP + DNS (BIND9); the DHCP and DNS servers are the same host (IP: 10.0.0.103)
Domain name: ilo-zhangdh.com
Network environment: one IDC with multiple servers (all with an IPMI management interface) connected to the same core switch. The systems are initially installed with Cobbler over PXE. When these servers then connect to the DHCP server, they return their SN (the Dell server number, such as idrac-hyq653x); DHCP randomly assigns an IP to the machine, and DNS updates the local DNS records. The end result is that accessing ilocng135t035.ilo-zhangdh.com reaches the corresponding server.
2. DDNS installation and configuration
2.1 Installing DNS and DHCP
# yum -y install bind dhcp
2.2 Building the DNS key and configuring a secure DNS service
# dnssec-keygen -a HMAC-MD5 -b 128 -n USER ILO    # run as root; generates the key
dnssec-keygen: used to generate the update key.
-a HMAC-MD5: use the HMAC-MD5 algorithm (a keyed hash that authenticates update messages, not encryption).
-b 128: the generated key is 128 bits long.
-n USER ILO: the key is of name type USER and is named ILO.
At this point, two files are generated in the current directory: Kilo.+xxx+xxxxx.key and .private
# cat Kilo.+xxx+xxxxx.key
You will see hqx9xaj75tgq1s8hhz9l7q==, which is used below.
2.3 Configuring the forward and reverse zone data files for the DNS domain ilo-zhangdh.com
# vim /etc/named.conf    # main configuration: key and zone declarations
key ILO {
    algorithm hmac-md5;
    secret "hqx9xaj75tgq1s8hhz9l7q==";
};
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    #forwarders { 8.8.8.8; };
    allow-transfer { none; };
    #listen-on port 53 { 127.0.0.1; 10.1.1.103; };
    recursion yes;
};
logging {
    channel default_debug {
        file "data/named.run" size 30M;
        severity debug 3;
        print-time yes;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "ilo-zhangdh.com" {
    type master;
    file "ilo-zhangdh.com.dns";
    allow-update { key ILO; };    # accept only updates signed with key ILO
};
zone "202.10.in-addr.arpa" IN {
    type master;
    file "202.10.in-addr.ilo-zhangdh.com.rev";
    allow-update { key ILO; };
};
zone "201.10.in-addr.arpa" IN {
    type master;
    file "201.10.in-addr.ilo-zhangdh.com.rev";
    allow-update { key ILO; };
};
# vim /var/named/ilo-zhangdh.com.dns
$ORIGIN .
$TTL 86400 ; 1 day
ilo-zhangdh.com IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
        2014123597 ; serial
        120        ; refresh (2 minutes)
        14400      ; retry (4 hours)
        3600000    ; expire (5 weeks 6 days 16 hours)
        86400      ; minimum (1 day)
        )
        NS dns.ilo-zhangdh.com.
        A 10.1.1.103
$ORIGIN ilo-zhangdh.com.
dns A 10.1.1.103
# vim /var/named/201.10.in-addr.ilo-zhangdh.com.rev
$ORIGIN .
$TTL 86400 ; 1 day
201.10.in-addr.arpa IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
        2014114021 ; serial
        120        ; refresh (2 minutes)
        14400      ; retry (4 hours)
        3600000    ; expire (5 weeks 6 days 16 hours)
        86400      ; minimum (1 day)
        )
        NS ilo-zhangdh.com.
$ORIGIN 201.10.in-addr.arpa.
103 PTR dns.ilo-zhangdh.com.
# vim /var/named/202.10.in-addr.ilo-zhangdh.com.rev
$ORIGIN .
$TTL 86400 ; 1 day
202.10.in-addr.arpa IN SOA ilo-zhangdh.com. root.ilo-zhangdh.com. (
        2014118989 ; serial
        120        ; refresh (2 minutes)
        14400      ; retry (4 hours)
        3600000    ; expire (5 weeks 6 days 16 hours)
        86400      ; minimum (1 day)
        )
        NS ilo-zhangdh.com.
$ORIGIN 202.10.in-addr.arpa.
103 PTR dns.ilo-zhangdh.com.
......
Note: 1. The other reverse zone data files follow the configuration above, with slight modifications.
2. If the configuration succeeds, .jnl files are generated under /var/named/,
such as: ilo-zhangdh.com.dns.jnl, 201.10.in-addr.ilo-zhangdh.com.rev.jnl
# chown -R named.named /var/named
2.4 Configuring DHCP: dhcpd.conf
# vim /etc/dhcp/dhcpd.conf
key ILO {
    algorithm hmac-md5;
    secret hqx9xaj75tgq1s8hhz9l7q==;
}
ddns-domainname "ilo-zhangdh.com";
ddns-update-style interim;
ddns-updates on;
update-conflict-detection false;
#allow client-updates;
allow unknown-clients;
authoritative;
ignore client-updates;
zone ilo-zhangdh.com. {    # the trailing "." after ilo-zhangdh.com is required
    primary 10.1.1.103;
    key ILO;
}    # no ";" after the closing brace
zone 201.10.in-addr.arpa. {
    primary 10.1.1.103;
    key ILO;
}
zone 202.10.in-addr.arpa. {
    primary 10.1.1.103;
    key ILO;
}
subnet 10.0.0.0 netmask 255.255.0.0 {    # no range: nothing is assigned on this subnet
}
subnet 10.201.0.0 netmask 255.255.0.0 {
    option routers 10.201.255.254;
    option subnet-mask 255.255.0.0;
    option time-offset -18000;    # Eastern Standard Time
    option ntp-servers 10.0.0.60;
    range dynamic-bootp 10.201.0.1 10.201.254.255;
    #option broadcast-address 10.201.0.255;
    default-lease-time 69120000;
    max-lease-time 86400000;
    option domain-name "ilo-zhangdh.com";
    option domain-name-servers 10.1.1.103;
}
subnet 10.202.0.0 netmask 255.255.0.0 {
    option routers 10.202.255.254;
    option subnet-mask 255.255.0.0;
    option domain-name "ilo-zhangdh.com";
    option domain-name-servers 10.1.1.103;
    option time-offset -18000;    # Eastern Standard Time
    option ntp-servers 10.0.0.60;
    range dynamic-bootp 10.202.0.1 10.202.254.255;
    default-lease-time 14400;
    max-lease-time 86400;
}
# vim /etc/resolv.conf
nameserver 127.0.0.1
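The key from 2.2 only protects a zone if that zone's allow-update names the key, and dhcpd can only sign acceptable updates if both files carry the same secret. The following is an added example, not part of the original article, that checks both conditions over constructed sample files; the zone name example.test and both secrets are made up, and update-policy statements are not handled.

```python
import re
# Constructed sample files for this example (not the article's configuration).
NAMED_CONF = '''
key ILO { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC0xMjM0"; };
zone "example.test" { type master; file "example.test.dns";
    allow-update { key ILO; }; };
zone "201.10.in-addr.arpa" IN { type master; file "rev.db";
    allow-update { any; }; };   # accepts unsigned updates
'''
DHCPD_CONF = '''
key ILO { algorithm hmac-md5; secret ZGlmZmVyZW50LXNlY3JldA==; }
zone example.test. { primary 10.1.1.103; key ILO; }
zone 201.10.in-addr.arpa. { primary 10.1.1.103; key ILO; }
'''

def keys(text):
    """Map key name -> base64 secret for each 'key NAME { ... }' block."""
    found = {}
    for name, body in re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', text):
        m = re.search(r'\bsecret\s+"?([A-Za-z0-9+/=]+)"?\s*;', body)
        found[name] = m.group(1) if m else None
    return found

def named_zones(text):
    """Map zone -> allow-update elements (None when the zone is static)."""
    zones = {}
    pat = r'\bzone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for name, body in re.findall(pat, text):
        m = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        zones[name.lower()] = m and [e.strip() for e in m.group(1).split(';') if e.strip()]
    return zones

def dhcpd_zones(text):
    """Map zone -> name of the key dhcpd signs its updates with."""
    pat = r'\bzone\s+([\w.-]+?)\.?\s*\{[^}]*?\bkey\s+([\w.-]+)\s*;[^}]*\}'
    return {zone.lower(): key for zone, key in re.findall(pat, text)}

def audit(named_conf, dhcpd_conf):  # returns a list of (zone, problem) pairs
    named_conf, dhcpd_conf = (re.sub(r'#[^\n]*', '', t) for t in (named_conf, dhcpd_conf))
    nzones, findings = named_zones(named_conf), []
    for zone, acl in nzones.items():
        if acl is not None and not all(e.startswith('key ') for e in acl):
            findings.append((zone, 'allow-update is not restricted to a TSIG key'))
    for zone, key in dhcpd_zones(dhcpd_conf).items():
        if f'key {key}' not in (nzones.get(zone) or []):
            findings.append((zone, 'dhcpd key is not listed in allow-update'))
        elif keys(named_conf).get(key) != keys(dhcpd_conf).get(key):
            findings.append((zone, 'key secret differs between the two files'))
    return findings
```

Calling audit() with the contents of /etc/named.conf and /etc/dhcp/dhcpd.conf returns an empty list when every dynamic zone is key-restricted and the secrets agree.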
3. Verification
# tail -f /var/log/messages
--> No address is assigned on the 10.0.0.0/16 network segment, which can be checked against the configuration above:
Dec 7 03:20:43 10_0_0_103 dhcpd: DHCPDISCOVER from 78:2b:cb:2c:83:44 via em1: network 10.0.0.0/16: no free leases
--> Indicates a successful assignment:
Dec 7 03:20:48 10_0_0_103 named[7769]: client 10.10.110.240#53: updating zone 'ilo-zhangdh.com/IN': adding an RR at 'ILOCNG135t040.ILO-jiayuan.com' A
Dec 7 03:20:58 10_0_0_103 named[7769]: client 10.10.110.240#53: updating zone '110.10.10.in-addr.arpa/IN': adding an RR at '240.110.10.10.in-addr.ARPA' PTR
--> Check that the assignment succeeded; the management port can then be reached at ilocng135t040.ilo-zhangdh.com:
# ping ilocng135t040.ilo-zhangdh.com
PING ilocng135t040.ilo-zhangdh.com (10.10.110.240) bytes of data.
bytes from ilocng135t040.ilo-zhangdh.com (10.10.110.240): icmp_seq=1 ttl=250 time=2.17 ms
bytes from ilocng135t040.ilo-zhangdh.com (10.10.110.240): icmp_seq=2 ttl=250 time=0.871 ms
bytes from ilocng135t040.ilo-zhangdh.com (10.10.110.240): icmp_seq=3 ttl=250 time=0.930 ms
bytes from ilocng135t040.ilo-zhangdh.com (10.10.110.240): icmp_seq=4 ttl=250 time=0.886 ms
This article is from the "Linuxblind Open Space" blog; be sure to keep this source: http://linuxblind.blog.51cto.com/7616603/1709730
Application of DDNS in production environment